Everything you need to know about clouds and hybrid IT

Understanding how service offerings like XaaS, PaaS, and SaaS are redefining the future of the data center.

Some people are still a little cloudy about the cloud. They shouldn't be.

Let's go over the basics again. The National Institute of Standards and Technology spelled out cloud computing for us years ago: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

Clouds must have five essential characteristics: On-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, and measured service. On these fundamentals, cloud designers have created a whole new IT approach.

As you might guess, a hybrid cloud bridges the gap between public and private using your own special mix of public and private cloud services.

However, as clouds have continued to develop, the spaces between public and private models have shrunk. Case in point: you can use Azure as a public cloud or deploy it in-house as a private cloud and a hybrid cloud. For example, the HPE | Microsoft Azure Stack solution can connect the Azure public cloud with Azure running on top of your existing servers.

[ Keep up with infrastructure and IT ops with enterprise.nxt’s newsletter. Subscribe now ]

From a business perspective, the closer you are to using public clouds, the more your IT spend shifts to operating expenses (Opex) versus capital expenses (Capex). As the top brass see it, public cloud-based technology promises to replace high Capex with lower Opex.

How much of a savings is this? Mark Pietrasanta, chief technology officer at Aquilent, a government IT solutions provider, says that compared with typical data centers, customers can realize "dramatically reduced costs—often 75 to 90 percent savings." That sounds good to me!

Even if you don't realize that kind of savings, your CFO gets more predictable IT operating expenses. That's always a good thing.

The three main cloud services

No matter which cloud model you use, there are three main ways to consume cloud resources: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

You've heard of many other kinds of cloud services. For example, there's data as a service, test environment as a service, desktop as a service, and API as a service. Those are all corner cases. For practical purposes, IaaS, PaaS, and SaaS are the only ones you need to worry about.

IaaS

IaaS is the building block for all the other cloud services. With IaaS, users are given access to physical or, more commonly, virtual servers. These provide file storage (think Dropbox) and other fundamental computer services, such as firewalls, load balancers, virtual LANS, and domain name servers.

The primary advantage of IaaS is scalability. With an IaaS hybrid cloud, you can quickly ramp up additional resources. For example, if your storage needs balloon from the terabytes of a private IaaS to a public cloud's petabytes, you can master the expansion simply by paying for more room using a hybrid model.

An IaaS offers more than just storage. It can also provide shared storage space for your workgroups.

As Microsoft has pointed out, an IaaS is more than just disks in the cloud: "Applications that require complete control (e.g., disaster recovery services that need to clone the drive by capturing disk I/O at the driver level, software licensing service based on the virtual MAC address) can be built on IaaS. The developers and IT professionals have access to the complete app platform stack, user mode subsystems, and kernel-level control so that the VM can be customized to the needs of the business domains they serve."

If you use any kind of cloud, underneath it all you'll find an IaaS. It may be invisible to your users, but it's there.

PaaS

With a PaaS, you can take your existing in-house applications and migrate them to a cloud. This makes your programs more elastic. Let's say your user base goes from hundreds to thousands. With a PaaS, your resources can expand to meet client needs without overprovisioning.

A PaaS solution can often require a lot of work from your developer team. For example, if your applications rely on local file systems, expect locally stored data to be persistent between restarts, or rely on a media access control (MAC) address for licensing. All will require serious rework before they can be cloud-deployed.

Additionally, rewriting system diagnostics, accommodating resource governance in a multi-tenant setting, and implementing software metering can be troublesome. Finally, once you've moved an application to a PaaS, porting it back to its older model is not easy. In short, look before you leap when moving your program to a PaaS.

On the other hand, after your team has moved the application to the cloud, maintaining it should be easier. Cloud architectures, with their reliance on Representational State Transfer (REST) web services, are relatively simple to maintain.

SaaS

Once you've used a PaaS to build prepackaged applications, you have SaaS. SaaS started as a variation of client/server computing and then took a left turn into application service providers in the late 1990s and early 2000s.

SaaS became mainstream because of two factors. First, the cloud architecture’s elasticity made it possible to deliver applications without manual intervention. And second, the web browser became the universal user interface. So we now have Google Docs, Office 365, Salesforce CRM, and a horde of other applications.

Whether you're using someone else's application or running your own, there are numerous advantages to using SaaS. These include:

Fast deployments. SaaS software solutions can be implemented in a matter of weeks versus months. Adrian McDonald, EMC's EMEA president, claims that, thanks to the cloud, the average time for new application deployments will be reduced by more than 20 percent. Once you've finalized a SaaS program design, you can easily deploy it. How? By using the cloud to simplify the complexities of ordering, configuring, staging, and scheduling to a SaaS-based web interface.

Universal access. Thanks to its reliance on the web, if you or your customers have access to the Internet, they can work with your programs.

Cloud pros and cons

Besides the financial benefits of a cloud model, there are three other major reasons to use XaaS with your existing servers and a public cloud in a hybrid model:

Faster time to market: Instead of hours in manual setup time, it takes less than a minute to set up a new server automatically. In addition most of the design has already been validated because it's based on reference architectures.All you need to do is customize it to your unique needs.

Improved ongoing support: For most as-a-service models, ongoing support and maintenance services such as service desk, tiered support, network monitoring, and third-party vendor management can be handled by the cloud provider. In addition, the ability to leverage resources at cloud scale lets you support as-a-service solutions more cheaply than those of self-managed, one-off programs.

Resilience: With a hybrid model, your IT infrastructure is stored not only on your site, but also on a public cloud. The meteorite that strikes your data center is unlikely to also hit your cloud provider's data center. This way, even if a disaster strikes your business, you still have access to your data and programs. That means you can always be sure you'll be able to get your company back up and running.

That's the good news. Now, here are some things that can go wrong with a cloud-based IT infrastructure.

1. Security concerns

The more you turn your resources over to the public cloud, the less control you have over them. You are, after all, leasing servers instead of owning them. This can be a real worry, For example, the Cloud Security Alliance lists no fewer than a dozen serious security concerns in its Treacherous 12 list. Most of these are far more dangerous to public cloud consumers.

That doesn't mean clouds can't be secured. The CIA knows a thing or two about security, and the agency entrusts its secrets to a private AWS cloud. According to Jill Tummler Singer, former deputy CIO at the CIA: "By keeping the cloud inside your firewalls, you can focus your strongest intrusion detection and prevention sensors on your perimeter, thus gaining significant advantage over the most common attack vector: the Internet."

This is another reason why the hybrid model can work for you. By keeping your company's crown jewels inside a private cloud and leaving day-to-day materials on a public cloud, you can balance security and cost savings.

2. Compliance

Security is hard. Compliance with security regulations can be harder. Ask healthcare providers about toeing the line for the Health Insurance Portability and Accountability Act (HIPAA). Ask financial service firms about jumping through Gramm-Leach-Bliley hoops. Ask accountants about their Sarbanes-Oxley nightmares. Oh, and don't forget about financial companies that must comply microsecond by microsecond with Payment Card Industry Data Security Standard (PCI-DSS) regulations. It's not easy.

Making matters even more complex, public cloud providers aren't governed by the same rules that apply to your vertical company. According to Jim Whalen, senior analyst at The Taneja Group: "HIPAA requires that organizations providing business services to regulated customers must qualify as a 'business associate.' Cloud providers aren't subject to the same level of compliance and reporting that apply to healthcare businesses." In short, the buck stops with you, not your cloud provider.

There are public clouds that are authorized to handle authorized data types. For example, Cerner can handle electronic health records. But your run-of-the-mill public cloud can't be trusted with this data. You'll need to keep it within the confines of your private cloud.

3. Performance

A cloud-based application is only as good as your users' Internet connectivity. According to the latest Akamai Internet report, 80 percent of U.S. Internet users now have an average connection speed faster than 4 Mbps, but less than half (46 percent) have 10 Mbps. If your application is graphics heavy or requires video, you're going to have trouble keeping your customers happy.

Hybrid IT

This balancing act of cost, flexibility, control, risk, and security is pushing many organizations to adopt hybrid IT strategies.

This isn't just the hybrid cloud. True, a properly implemented hybrid cloud enables you to benefit from both private and public cloud models. For example, you can use your private cloud with its faster internal network and increased privacy for mission-critical, private data. Concurrently, you can use the public cloud network for more innocuous tasks such as sharing resources, backing up private data, and hosting low-security data.

But you don't need a cloud for everything. Lydia Leong, distinguished analyst at Gartner, says, "Not everything can or should be cloud. Customers have plenty of applications that they probably will never move to the cloud—or at least will not move to the cloud in any kind of reasonable time frame."

That's where hybrid IT comes in. As HPE puts it: "This is about having the right infrastructure optimized for each of your applications, old or new. But it isn’t just in your data center. It isn’t just in the cloud. Your infrastructure has to be everywhere, at the right cost, at the right performance, with the right management, at the right scale. And it all has to work together seamlessly. A hybrid infrastructure—one that seamlessly combines public cloud, private cloud, and traditional IT."

This is about having the right infrastructure optimized for each of your applications, old or new. But it isn’t just in your data center. It isn’t just in the cloud. Your infrastructure has to be everywhere, at the right cost, at the right performance, with the right management, at the right scale. And it all has to work together seamlessly. A hybrid infrastructure—one that seamlessly combines public cloud, private cloud, and traditional IT.

Leong adds, "Lots of people are still running mainframe systems, for instance, that are unlikely to end up going to the cloud, at least until the applications themselves are replaced. For those systems where there is no pressing need to move them onto a cloud infrastructure, it can be better to avoid the expense of doing so until necessary."

The two models can, of course, work together. While your application may still live in a mainframe, there's no reason it can't be presented to users on the web via SaaS. As ever, interoperability and integration will be an important part of central IT's job.

Managing the proper balance of cloud and traditional IT isn't easy. But with an organized hybrid IT plan, you can move your company into the future using both 21st century cloud and your existing technology with its 20th century roots.

Clouds and hybrid IT: Lessons for leaders

Understanding what the different clouds and cloud services can bring to the table means first understanding your own infrastructure and business needs

Clouds are not a universal solution; understand the potential problems as well as advantages

Proper planning is mandatory for the successful implementation of cloud and hybrid IT solutions.

Steven J. Vaughan-Nichols, a.k.a. sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, WordStar was the state-of-the-art word processor, and we liked it. His work has been published in everything from highly technical publications (IEEE Computer, ACM NetWorker, Byte) and business publications (eWeek, InformationWeek, ZDNet) to popular technology magazines (Computer Shopper, PC Magazine, PC World) and the mainstream press (Washington Post, San Francisco Chronicle, Businessweek).

Steven J. Vaughan-Nichols, a.k.a. sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, WordStar was the state-of-the-art word processor, and we liked it. His work has been published in everything from highly technical publications (IEEE Computer, ACM NetWorker, Byte) and business publications (eWeek, InformationWeek, ZDNet) to popular technology magazines (Computer Shopper, PC Magazine, PC World) and the mainstream press (Washington Post, San Francisco Chronicle, Businessweek).